D/C/B-Series Authentication with VLAN-Tunnel-based VLAN ID Fails: "TunnelPrivateGroupId0 length is greater than 4!"

  • 0
  • 1
  • Article
  • Updated 5 years ago
Article ID: 16031 

Products
D-Series, firmware 6.03.09.0005 through 6.03.11.0004
C5-Series, firmware 6.42.01.0046 through 6.61.07.0010
C3-Series, firmware 6.42.01.0046 through 6.61.07.0010
B5-Series, firmware 6.42.01.0046 through 6.61.07.0010
B3-Series, firmware 6.42.01.0046 through 6.61.07.0010 

Changes
Configured authentication to use the vlan-tunnel attributes in the RADIUS reply to assign a VLAN to the authenticating user.
That is, using 'set policy maptable response tunnel' or 'set policy maptable response both'. 

Symptoms
Upon authentication, the VLAN assignment does not take place.
The error log contains message "TunnelPrivateGroupId0 length is greater than 4!

Cause
The server is inappropriately padding the VLAN ID with a NULL character, which for VLAN values greater than 999 will cause the length of the ID to exceed the defined spec maximum. 

Solution
For the D-Series, upgrade to firmware 6.03.12.0006 or higher.
For the C5, C3, B5, or B3-Series, upgrade to firmware 6.61.08.0004 or higher.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 0
  • 1

There are no replies.

This conversation is no longer open for comments or replies.